Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk.

Social Engineering 144

Social Engineering Engineering Ransomware Cybercrime 144

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity 363

Cybersecurity Social Engineering Artificial Intelligence Insurance 363

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. FBI warns Silent Ransom Group has targeted U.S. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S.

Social Engineering 113

Social Engineering Antivirus Phishing Engineering 113

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. ” Source News4Jax The charges relate to his alleged role in the Scattered Spider cybercrime group (also known as UNC3944 , 0ktapus ). .” ” reported News4Jax. In January 2024, U.S.

Cybercrime 66

Cybercrime Identity Theft Social Engineering Hacking 66

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking 348

Hacking Accountability Scams Media 348

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” ” reads a report published by Halcyon.

Ransomware 103

Ransomware Hacking Social Engineering Manufacturing 103

SecureWorld News

APRIL 22, 2025

A sophisticated cybercrime campaign, dubbed Elusive Comet , has been uncovered, in which North Korean threat actors are exploiting Zoom's remote control feature to infiltrate the systems of cryptocurrency professionals. billion hack of the Bybit exchange in February 2025.

Cryptocurrency 90

Cryptocurrency Social Engineering Cybercrime Engineering 90

Security Affairs

FEBRUARY 20, 2023

Social engineering techniques are becoming increasingly sophisticated and are exploiting multiple emerging means, such as deep fakes. The increasing use of videoconferencing platforms and the various forms of remote work also adopted in the post-emergency covid make interpersonal collaborations increasingly virtual.

Social Engineering 98

Social Engineering Engineering Artificial Intelligence Computers and Electronics 98

Security Affairs

DECEMBER 25, 2024

TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.” Researchers attributed the hack of Harmonys Horizon bridge and Sky Mavis Ronin Bridge to North Korea-linked threat actors. BTC ($308M). FBI concludes.

Cryptocurrency 122

Cryptocurrency Social Engineering Hacking Cybercrime 122

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Krebs on Security

JANUARY 19, 2021

In the years leading up to his arrest, Ferizi was the administrator of a cybercrime forum called Pentagon Crew. He admitted to hacking a U.S.-based based e-commerce company, stealing personal and financial data on 1,300 government employees, and providing the data to an Islamic State hacking group.

Identity Theft 349

Identity Theft Government Accountability Social Engineering 349

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries.

Malware 136

Malware Social Engineering Engineering Hacking 136

Security Affairs

MAY 17, 2025

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. The financially motivated group UNC3944 (also known as Scattered Spider , 0ktapus ) is known for social engineering and extortion. They exploit help desks and outsourced IT via social engineering for high-impact attacks.

Retail 66

Retail Social Engineering Cybercrime Financial Services 66

Security Affairs

APRIL 21, 2025

The malware is delivered via social engineering, attackers attempt to trick victims into tapping cards on infected phones. Calls enable social engineering in a Telephone-Oriented Attack Delivery (TOAD) scenario. Analysis of the SuperCard X campaign in Italy revealed custom malware builds tailored for regional use.

Malware 106

Malware Social Engineering Banking Engineering 106

SecureWorld News

JUNE 5, 2023

Specifically, the advisory highlights the utilization of social engineering techniques by DPRK state-sponsored cyber actors, with a focus on their hacking activities targeting think tanks, academia, and media organizations worldwide. At the forefront of these cyber threats is a group known as Kimusky.

Social Engineering 96

Social Engineering Engineering Government Cyber threats 96

Krebs on Security

FEBRUARY 17, 2021

Confirmed thefts attributed to the group include the 2016 hacking of the SWIFT payment system for Bangladesh Bank, which netted thieves $81 million; $6.1 billion from banks and other victims worldwide. The group is thought to be responsible for the attempted theft of approximately $1.2

Cryptocurrency 344

Cryptocurrency Financial Services Banking Government 344

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google Play)

Social Engineering 129

Social Engineering Media Mobile Scams 129

Security Affairs

FEBRUARY 3, 2025

” Crazy Evil is referred as a traffer team, which is a group of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages. The cybercrime gang focused on targeting the Web3 and decentralized finance industry. These factors make it a persistent cyber threat.

Scams 84

Scams Media Cryptocurrency Cybercrime 84

Security Affairs

MAY 17, 2025

“Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,deepfake) ” reads the alert issued by the FBI.

Government 122

Government Social Engineering Authentication Accountability 122

SecureWorld News

FEBRUARY 15, 2024

Uncovered by cybersecurity firm Group-IB , GoldPickaxe exists in both Android and iOS versions and was developed by a suspected Chinese hacking group called "GoldFactory." The hackers rely heavily on social engineering tactics to distribute the malware.

Social Engineering 103

Social Engineering Mobile Authentication Engineering 103

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

APRIL 30, 2020

In a report published today, the company said since late March 2020 it has observed several crooks complaining about COVID-19 interfering with the daily activities of their various money mules (people hired to help launder the proceeds of cybercrime). ” Alex Holden , founder and CTO of Hold Security , agreed. .

Cybercrime 359

Cybercrime Computers and Electronics Marketing Scams 359

Security Affairs

APRIL 17, 2025

In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter) to deploy malicious payloads. components.

Social Engineering 115

Social Engineering Malware Cryptocurrency Engineering 115

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. Forward outlook Ransomware is a dynamic and increasingly hybrid segment of cybercrime. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

eSecurity Planet

APRIL 8, 2025

A new and dangerous AI-powered hacking tool is making waves across the cybercrime underworld and experts say it could change the way digital attacks are launched. Xanthorox reasoner advanced mimics human reasoning, helping attackers craft more believable phishing messages or manipulate targets through social engineering.

Social Engineering 108

Social Engineering Phishing Engineering Cybercrime 108

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime 71

Cybercrime Firewall Social Engineering Ransomware 71

Hot for Security

JUNE 25, 2021

The Western District of Washington has sentenced a Ukrainian man to seven years in prison for his role in a hacking gang that are estimated to have caused more than one billion dollars worth of damage. Earlier this year, another member of FIN7 was sentenced to 10 years in jail for his involvement in the cybercrime gang’s activities.

Hacking 137

Hacking Penetration Testing Social Engineering Retail 137

Heimadal Security

APRIL 8, 2022

Hamas-linked cybercrime organization dubbed ‘APT-C-23’ was noticed catfishing Israeli officials working in defense, law, enforcement, and government institutions, resulting in the deployment of new malware. The post APT-C-23 Hacking Group Targets Israeli Officials in Catfish Campaign appeared first on Heimdal Security Blog.

Hacking 97

Hacking Social Engineering Spyware Cybercrime 97

SecureWorld News

FEBRUARY 27, 2025

billion hack of cryptocurrency exchange Bybit to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group. This statement underscores the increasing reliance on the private sector to assist in mitigating cybercrime in the digital asset space.

Hacking 60

Hacking Cryptocurrency Cybercrime Social Engineering 60

Krebs on Security

AUGUST 26, 2020

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address. BEGINNINGS.

Identity Theft 355

Identity Theft Computers and Electronics Hacking Accountability 355

SecureWorld News

MAY 16, 2025

Scattered Spider is a financially motivated threat actor group known for its social engineering prowess, SIM-swapping attacks, and living-off-the-land (LOTL) techniques. The group is well known to employ social engineering tactics to gain access, so hardening your help desk is an immediate first step in defense," Staynings continued.

Retail 74

Retail Social Engineering Engineering Telecommunications 74

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. A threat actor leaked on the Breached hacking forum the data allegedly stolen from the gaming giant Activision in December 2022. Activision was breached December 4th, 2022. ” states the post.

Hacking 98

Hacking Cybercrime Social Engineering Data breaches 98

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Smishing Triad )

Social Engineering 111

Social Engineering Phishing Banking DNS 111

Security Affairs

FEBRUARY 9, 2025

US Justice Department says cybercrime forum allegedly affected 17 million Americans Cybercrime is increasingly complex.

Spyware 61

Spyware Cybercrime Scams Social Engineering 61